Monday, June 17, 2013

Cyber Security News and Education for the Week of June 17, 2013

Cyber Security News of the Week

From our friends at Citadel Information Group

Stan Stahl's Commentary
This week's cyber security news is dominated by the revelation of the NSA's PRISM program. We cover the story in several sections.

News stories in the Cyber Privacy Section deal with the privacy implications of PRISM. Stories in the National Cyber Security Section deal with PRISM from the national security angle. And a story in the Cyber Security Management - Cyber Defense Section provides information on making Internet communications safe from prying eyes, whether the NSA or others.

I had the opportunity on Thursday to discuss PRISM with Dr. Patrick O'Heffernan on his Fairness Radio program. The program US gov cyberspying: what is the truth with Stan Stahl can be heard on BlogTalkRadio.

Over and above the cyber security implications of PRISM lies one of the most profound challenges a free people face. We the people must navigate the ever-changing balance between our right to be safe and secure from government prying into our private affairs while at the same time ensuring that the government can collect the information it needs to protect us from terrorists, cyber criminals and others who mean to do us harm.

This makes PRISM a civics lesson as much as a cyber security story. As such it connects deeply with my blog The Agnostic Patriot. The blog is home to more than 50 essays I have written - and continue to write - on our generation's responsibility to advance the continued co-creation of America's more perfect union. The blog reflects my perspective that one can find truth - more importantly, wisdom - in multiple different points of view, even points of view that are seemingly opposed. The stories this week about PRISM reflect this perspective.

Cyber Attack
Iranian Elections Bring Lull in Bank Attacks: For nearly nine months, hacker groups thought to be based in Iran have been launching large-scale cyberattacks designed to knock U.S. bank Websites offline. But those assaults have subsided over the past few weeks as Iranian hacker groups have begun turning their attention toward domestic targets, launching sophisticated phishing attacks against fellow citizens leading up to today's presidential election there. KrebsOnSecurity, June 14, 2013

Cyber Crime
Cyber-crime devastates global economic growth, world economic powers told: G-20 economies have lost 2.5 million jobs to counterfeiting and piracy while governments and consumers lose $125 billion annually to cyber-attacks, former White House official warns. The Vancouver Sun, June 13, 2013

Cyber Privacy
Web companies begin releasing surveillance information after U.S. deal: (Reuters) - Facebook and Microsoft have struck agreements with the U.S. government to release limited information about the number of surveillance requests they receive, a modest victory for the companies as they struggle with the fallout from disclosures about a secret government data-collection program. Reuters, June 15, 2013

Secret Court Ruling Put Tech Companies in Data Bind: SAN FRANCISCO - In a secret court in Washington, Yahoo's top lawyers made their case. The government had sought help in spying on certain foreign users, without a warrant, and Yahoo had refused, saying the broad requests were unconstitutional. The New York Times, June 13, 2013

US gov cyberspying: what is the truth. with Stan Stahl: Radio Featuring Dr Stahl - Dr. Stan Stahl is one of the nation's top cybersecurity experts. He secured teleconferencing systems for the White House, secret data in Cheyenne Mountain and the communications networks controlling US nuclear weapons. Today, President of Citadel Information Group, he joins us to explain PRISM, the government's program to collect all of our online information and communications. BlogTalkRadio, June 13, 2013

EXCLUSIVE: Google to DOJ: Let us prove to users that NSA isn't snooping on them: There is a "serious misperception" about the National Security Agency's PRISM program, Google chief legal officer David Drummond said in an exclusive interview with Fox News. On Tuesday the company pushed back against the layers of secrecy surrounding the agency's alleged blanket snooping on American citizens. Fox News, June 12, 2013

Earlier Denials Put Intelligence Chief in Awkward Position: WASHINGTON - For years, intelligence officials have tried to debunk what they called a popular myth about the National Security Agency: that its electronic net routinely sweeps up information about millions of Americans. In speeches and Congressional testimony, they have suggested that the agency's immense power is focused exclusively on terrorists and other foreign targets, and that it does not invade Americans' privacy. The New York Times, June 11, 2013

Domestic Surveillance Could Create a Divide in the 2016 Primaries: A poll released on Monday by the Pew Research Center and The Washington Post found a partisan shift in the way Americans view the National Security Agency's domestic surveillance programs. In the survey, slightly more Democrats than Republicans said they found it acceptable for the N.S.A. to track Americans' phone records and e-mails if the goal is to prevent terrorism. By comparison, when Pew Research asked a similar question in 2006, Republicans were about twice as likely as Democrats to support the N.S.A.'s activities. The New York Times, June 11, 2013

Poll Finds Disapproval of Record Collection, but Little Personal Concern: In the wake of the exposure of two classified surveillance operations, most Americans expressed disapproval about the United States government's collecting phone records of "ordinary" Americans. Yet, most showed little concern about their own Internet activities or phone calls' being monitored. The New York Times, June 11, 2013

Why Should We Even Care If the Government Is Collecting Our Data?: Kafka, not Orwell, can help us understand the problems of digitized mass surveillance, argues legal scholar Daniel J. Solove. The Atlantic, June 11, 2013

Across U.S., nearly half say government spying OK within limits: Poll: (Reuters) - Nearly half of all Americans say the U.S. government's broad surveillance tactics are acceptable within limits, according to a Reuters/Ipsos poll on Tuesday that also found widespread concern about the methods that were revealed last week. Reuters, June 11, 2013

Majority Views NSA Phone Tracking as Acceptable Anti-terror Tactic: A majority of Americans - 56% - say the National Security Agency's (NSA) program tracking the telephone records of millions of Americans is an acceptable way for the government to investigate terrorism, though a substantial minority - 41% - say it is unacceptable. And while the public is more evenly divided over the government's monitoring of email and other online activities to prevent possible terrorism, these views are largely unchanged since 2002, shortly after the 9/11 terrorist attacks. Pew Research Center, June 10, 2013

Cyber Warning
MtGox Phishing Campaign Hits Bing, Yahoo!: An active phishing campaign targeting account holders at popular Bitcoin exchange has hijacked the top search results at Bing and, redirecting unwary clickers to, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago. KrebsOnSecurity, June 13, 2013

ZEUS MONEY MULE RECRUITING SCAM TARGETS JOB SEEKERS: In search of money mules, attackers behind a variant of the Zeus Trojan have configured the malware to activate when users visit careerbuilder[.]com with code that redirects victims to an advertisement for a mule-recruitment website. ThreatPost, June 13, 2013

The Value of a Hacked Email Account: One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don't bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves. KrebsOnSecurity, June 10, 2013

Cyber Security Management - Cyber Update
Adobe, Microsoft Patch Flash, Windows: Patch Tuesday is again upon us: Adobe today issued updates for Flash Player and AIR, fixing the same critical vulnerability in both products. Microsoft's patch bundle of five updates addresses 23 vulnerabilities in Windows, Internet Explorer, and Office, including one bug that is already being actively exploited. KrebsOnSecurity, June 11, 2013

Cyber Security Management - Cyber Defense
How to Protect Your PC From PRISM Surveillance: Thursday afternoon, a bombshell dropped: Two leading reports claimed that the U.S. government has been spying on emails, searches, Skype calls, and other electronic communications used by Americans for the last several years, via a program known as PRISM. CIO, June 7, 2013

Cyber Security Management
Snowden Smuggled Documents From NSA on a Thumb Drive: The dreaded thumb drive has struck the Defense Department again as word comes that NSA whistleblower Edward Snowden smuggled out thousands of classified documents on one of the portable devices, despite the military's efforts to ban them. Wired, June 13, 2013

Managing Cyber Security Risk: In our knowledge-based economy where workers need round-the-clock access to relevant channels for communication, information sharing, and collaboration, it is only natural that the use of web-based applications is becoming increasingly prevalent in the business environment. But from a security perspective, this trend has not been without cost. NACD, June 7, 2013

National Cyber Security
Snowden's Leaks on China Could Affect Its Role in His Fate: HONG KONG - The decision by a former National Security Agency contractor to divulge classified data about the United States government's surveillance of computers in mainland China and Hong Kong has complicated his legal position, but may also make China's security apparatus more interested in helping him stay here, law and security experts said on Friday. The New York Times, June 14, 2013

After NSA Leaks, Senators Re-Introduce Bill To Reduce Patriot Act Secrecy: While many in the U.S. government and the media are busy calling for the extradition and prosecution of NSA leaker Edward Snowden, one group of senators is working to change the laws that allowed the secret surveillance his leaks exposed. Forbes, June 11, 2013

NSA director says dozens of attacks were stopped by surveillance programs: The head of the National Security Agency defended his agency's broad electronic surveillance programs Wednesday, saying that they have helped thwart dozens of terrorist attacks and that their recent public disclosure has done "great harm" to the nation's security. The Washington Post, June 12, 2013

Government reviews security damage from NSA disclosures: (Reuters) - The Obama administration has launched an internal review of the potential damage to national security from leaks about U.S. surveillance efforts, as a group of senators and technology companies on Tuesday pushed the government to be more open about the top-secret programs. Reuters, June 11, 2013

After briefing with NSA chief, senators say misinformation, contractors are major concerns: Senate leaders emerged Tuesday from a closed-door meeting with the National Security Agency chief saying the story about the American who leaked details about secret U.S. surveillance programs is enveloped in misinformation and called for public hearings. Fox News, June 11, 2013

Cryptic Overtures and a Clandestine Meeting Gave Birth to a Blockbuster Story: WASHINGTON - The source had instructed his media contacts to come to Hong Kong, visit a particular out-of-the-way corner of a certain hotel, and ask - loudly - for directions to another part of the hotel. If all seemed well, the source would walk past holding a Rubik's Cube. The New York Times, June 10, 2013

Ex-Worker at C.I.A. Says He Leaked Data on Surveillance: WASHINGTON - A 29-year-old former C.I.A. computer technician went public on Sunday as the source behind the daily drumbeat of disclosures about the nation's surveillance programs, saying he took the extraordinary step because "the public needs to decide whether these programs and policies are right or wrong." The New York Times, June 9, 2013

The outsourcing of U.S. intelligence raises risks among the benefits: The unprecedented leak of National Security Agency secrets by an intelligence contractor, including bombshells about top-secret programs to collect telephone records, e-mail and other personal data, was probably an inevitable consequence of the massive growth of the U.S. security-industrial complex. The Washington Post, June 9, 2013